The Advanced Database Cleaner WordPress plugin before 3.0.4 does not sanitise and escape $_GET keys and values before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues
Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion
libxml2-2.9.13-1.fc34
Update to 2.9.13
Fix CVE-2022-23308
mingw-expat-2.4.6-1.fc35
Update to expat-2.4.6, see https://github.com/libexpat/libexpat/blob/R_2_4_6/expat/Changes for details.
mingw-expat-2.4.6-1.fc34
Update to expat-2.4.6, see https://github.com/libexpat/libexpat/blob/R_2_4_6/expat/Changes for details.
libxml2-2.9.13-1.fc35
Update to 2.9.13
Fix CVE-2022-23308
The Department of Justice (DOJ) announced on February 7, 2022, the unsealing of an indictment that charged Chinese telecommunications company Hytera Communications with conspiring with former Motorola Solutions employees to “steal digital mobile radio (DMR) technology from Motorola.”
This announcement is just the latest piece in a multi-year saga involving the theft of Motorola’s intellectual property (IP) by employees prior to their departure from Motorola. While the DOJ indictment redacts the name of the employees who are included in the indictment, a look back into the civil litigation between Motorola and Hytera provides clues as to their identities.
